From Paul's Security Weekly
Recorded January 6, 2020 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
- OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
- We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relevant to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
- Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.
Topic: Privacy by Design
- Privacy by Design - The 7 Foundational Principles
- Proactive not Reactive; Preventative not Remedial
- Privacy as the Default
- Privacy Embedded into Design
- Full Functionality – Positive-Sum, not Zero-Sum
- End-to-End Security – Lifecycle Protection
- Visibility and Transparency
- Respect for User Privacy
- OWASP API Security Project
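Two of the principles above, "Privacy as the Default" and "End-to-End Security – Lifecycle Protection", are easy to state and easy to get wrong in code. The following is an added illustration written for these show notes, not code from the episode or from the Privacy by Design materials: a small profile store where every sharing switch starts off, a viewer receives only the fields on an allow-list for their relationship to the owner, and idle records carry a retention deadline and are purged. The class and function names, the field sets, and the retention periods are all assumptions chosen for the example.

```python
"""Privacy-by-default profile store (added illustration; names and
retention periods are assumptions, not from the episode).

  * Privacy as the Default: sharing flags start off, and a viewer only
    gets fields on an explicit allow-list for their relationship.
  * Lifecycle Protection: records have a retention deadline and are
    purged, rather than kept until someone remembers to delete them.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Fields a viewer may receive, by relationship to the profile owner.
# Anything not listed is withheld; exposing a new field means adding it here.
PUBLIC_FIELDS = frozenset({"handle"})
CONTACT_FIELDS = PUBLIC_FIELDS | {"display_name"}
OWNER_FIELDS = CONTACT_FIELDS | {"email", "phone", "location"}

# Fields released to non-owners only after the owner opts in (flag name).
OPT_IN_FIELDS = {"location": "share_location", "email": "share_email"}


@dataclass
class Profile:
    handle: str
    email: str
    display_name: str = ""
    phone: Optional[str] = None
    location: Optional[str] = None
    # Privacy as the default: every sharing switch starts off.
    share_location: bool = False
    share_email: bool = False
    # Lifecycle: last activity drives retention.
    last_active: datetime = field(
        default_factory=lambda: datetime.now(timezone.utc))


def view(profile: Profile, relationship: str) -> Dict[str, object]:
    """Return only the fields the viewer is allowed to see.

    relationship is "owner", "contact" or "public"; any unknown value
    falls through to the public (most restrictive) allow-list.
    """
    if relationship == "owner":
        allowed = set(OWNER_FIELDS)
    elif relationship == "contact":
        allowed = set(CONTACT_FIELDS)
    else:
        allowed = set(PUBLIC_FIELDS)
    # Opt-in fields reach non-owners only when the owner turned them on.
    if relationship != "owner":
        for name, flag in OPT_IN_FIELDS.items():
            if getattr(profile, flag):
                allowed.add(name)
    return {name: getattr(profile, name) for name in sorted(allowed)
            if getattr(profile, name) is not None}


class ProfileStore:
    """In-memory store that enforces a retention deadline on purge."""

    def __init__(self, retention: timedelta = timedelta(days=365)):
        self.retention = retention
        self._profiles: Dict[str, Profile] = {}

    def add(self, profile: Profile) -> None:
        self._profiles[profile.handle] = profile

    def get(self, handle: str) -> Optional[Profile]:
        return self._profiles.get(handle)

    def purge_expired(self, now: Optional[datetime] = None) -> List[str]:
        """Delete profiles idle longer than the retention period.

        Returns the handles removed so the caller can log the purge.
        """
        now = now or datetime.now(timezone.utc)
        expired = [h for h, p in self._profiles.items()
                   if now - p.last_active > self.retention]
        for h in expired:
            del self._profiles[h]
        return expired


def demo() -> Dict[str, object]:
    """Run the store on constructed sample profiles and return the results."""
    store = ProfileStore(retention=timedelta(days=30))
    alice = Profile(handle="alice", email="alice@example.com",
                    display_name="Alice", location="Newport, RI")
    store.add(alice)
    public_before = view(alice, "public")      # location withheld by default
    alice.share_location = True                # explicit opt-in by the owner
    public_after = view(alice, "public")       # location now released
    stale = Profile(handle="bob", email="bob@example.com",
                    last_active=datetime.now(timezone.utc) - timedelta(days=90))
    store.add(stale)
    purged = store.purge_expired()             # bob exceeds the 30-day retention
    return {"public_before": public_before, "public_after": public_after,
            "purged": purged}
```

The point of the allow-list is that a new column added to `Profile` is invisible to everyone but the owner until someone deliberately adds it to a field set; a deny-list would leak it by default, which is the failure mode the principle is written against.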
Featured Flaws & Big Breaches
- Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager, including three critical authentication bypass vulnerabilities. -- Not likely common software among the DevOps crowd, but the variety of vulns reads like a review of the OWASP Top 10 list. Looks like 2020 will keep plenty of app flaws alive and well.
Cloud, Code & Controls
- Python is dead. Long live Python! -- Version 3 from here on out. (Unless you really have to delay until April.)
- Why Cloud, Collaboration Breed Insider Threats -- Automation still needs access controls.
Learning & Tools
- Breaking Down the OWASP API Security Top 10, Part 1 and Part 2 -- Two older articles that serve as good reminders about the OWASP API Security Top 10. It's a more relevant and meaningful list than its OWASP Top 10 predecessor.
Food for Thought
- Facebook will stop mining contacts with your 2FA number
- 6 Security Team Goals for DevSecOps in 2020
- 7 security incidents that cost CISOs their jobs -- Application security has consequences, but the message here isn't about job security.